There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- 5th Annual Global Cyber Security Forum – Lebanon
July 23, 2019
Press Release Taking in cognisance the evolving cyber threats across the globe, several nations have formed committee’s & taskforces to implement the best strategies to fight cybercrimes. These task forces are destined to ensure the nation’s assets are protected against any threats by implementing best policies & state-of-the-art solutions, whilst creating a robust ecosystem for ease ...
- Lancaster University students’ data stolen by cyber-thieves
July 23, 2019
Students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University. Officials said the information had been used to send bogus invoices to applicants. “A very small number” of student records, phone numbers and ID documents were also accessed, it said. The breach has been reported to police and the Information Commissioner’s Office. In ...
- Massive 7.5TB breach reveals secret Russian IT projects
July 22, 2019
Hackers breached the server of a major contractor working on behalf of the Russian intelligence service before stealing 7.5TB of sensitive data and sharing this freely with other hackers and journalists. Attackers infiltrated the company network of SyTech on 13 July, according to BBC Russia, and began a process of copying data while deleting masses of it. ...
- Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year old XHide
July 19, 2019
One of our honeypots detected a threat that propagates by scanning for open ports and brute forcing weak credentials, installing a Monero cryptocurrency miner and a Perl-based IRC backdoor as the final payload. The miner process is hidden using XHide Process Faker, a 17-year old open source tool used to fake the name of a ...
- Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
July 18, 2019
We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, and its indicators of compromise (IoCs). Our findings indicate that the campaign appears to be ...
- Bulgaria’s hacked database is now available on hacking forums
July 18, 2019
The database of Bulgaria’s National Revenue Agency (NRA), which was hacked over the weekend and sent to local reporters, is now being shared on hacking forums, ZDNet has learned from sources in the threat intelligence community. Download links to the hacked database have been shared by a hacked data trader known as Instakilla, believed to be operating out of ...